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Remarks 

Reconsideration is requested in view of the following remarks. No claims are amended but 
new claims 23-24 are presented for consideration. Upon entry of this Amendment, claims 1-5, 7-12, 
14, and 19-24 are pending. Claims 1 and 9 are independent. 

Support for new claims 23-24 can be found in the application at, for example, pages 19-20. 
No new matter is introduced. 

Claim rejections under 35 U.S.C. §103 in View of Brown and Odom 

Claims 1, 2, 9-12, and 19 are rejected as obvious from a combination of Brown et al., U.S. 
Patent 5,557,686 (hereinafter Brown) and Odom, U.S. Patent 7,350,078 (hereinafter Odom). This 
rejection is traversed. 

Neither Brown nor Odom teaches or suggests at least "a data interception unit for receiving 
inputs from a user, wherein the data interception unit is configured to passively collect mouse data 
generated in response to the user" as recited in claim 1 . 

In contrast to claim 1, both Brown and Odom teach actively receiving data that is generated in 
response to predetermined keystroke sequences or predetermined mouse gestures. For example, 
according to Brown, user access is provided as follows: 

sample is from an authorized user. Last, when a user desires 
30 access to the system, the user types the previously deter- 
mined keystroke sequence which is constructed into a vector 
and fed into the trained neural network. Note that alternative 

See Brown, col. 2, lines 29-32. Thus, Brown merely teaches that authorization is based on the user 
duplicating a previously entered keystroke sequence. 

Odom fails to cure the deficiencies of Brown. According to Odom, data submissions by a user 
can be passively terminated when sufficient data is received so that an authentication decision can be 
made. But these passively terminated data submissions are user attempts to duplicate previous actions 
chosen by the user or presented to the user for use as an authentication key: 
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20 



10 



15 



Historically, validation 18 has required an absolute signal 
match 5 to input 22: for example, no deviance from a 
character-based password has been permitted. With mouse 
107 movements, or other difficult-to-exactly-replicate sig- 
nals 2, however, some tolerance may be permitted. Signal 22 
tolerance should be allowed when appropriate, and may be 
set by software-determined protocol or user selection. For 
example, deviance up to 10% from recorded signal match 5 
for keystroke timing 211 may be acceptable. Similarly, as 
another example, mouse click location may vary within a 
radius of 10 pixels and still be tolerated. As multiple signals 
2 may comprise a submission 9, the need for exactness for 
any single signal 2 to properly authenticate access 97 is 
lessened. 



See Odom, col. 4, lines 10-23. Thus, according to Odom, user authentication is based on specific 
predetermined mouse gestures which a user attempts to duplicate. In contrast, according to claim 1, 
mouse data is collected passively, that is, without instruction or prompt by the computing system and 
without the user being called upon to perform any particular actions or sets of actions. Thus, both 
Brown and Odom describe methods for user authentication based on user duplication of predetermined 
sets of actions. In both Brown and Odom, the user is expected to provide the same predetermined data 
to be granted access. According to claim 1, verification is based on how the user performs any series 
of actions, that is, based on passive data collection. For at least this reason, claim 1 and its dependent 
claims are properly allowable. 

Independent claim 9 recites, in part, "passively collecting behavioral biometric information 
from the mouse." Neither Brown nor Odom teaches or suggests such passive information collection. 
Brown merely discloses using predetermined keystroke sequences. Odom fails to cure the deficiencies 
of Brown. Odom describes specific sequences which must be duplicated, or at least approximately 
duplicated, by a user for authentication. In contrast, claim 9 recites "passively collecting behavioral 
biometric information," i.e., collecting user data without any prompts or predetermined mouse 
sequences. Because Brown and Odom fail to disclose all the features of claim 9, claim 9 and its 
dependent claims are properly allowable. 
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Claim rejections under 35 U.S.C. §103 in View of Brown, Odom, and Boebert or Akiyama 

Claim 3 is rejected as obvious from a combination of Brown, Odom, and Boebert et al., U.S. 
Patent 5,967,718 (hereinafter "Boebert"). Claims 4-5, 7-8, 14, and 20-22 are rejected as obvious from 
a combination of Brown, Odom, and Akiyama, U.S. Patent 5,768,387 (hereinafter "Akiyama"). These 
rejections are traversed. Claims 3-5, 7-8, 14, and 20-22 depend from allowable claims 1 and 9 and are 
allowable for at least this reason. Applicants note that, according to Akiyama, mouse movements are 
detected in response to presentation of a menu screen. Akiyama, col. 11, lines 42-47 and Figs. 8-10. 
Thus, Akiyama discloses actively collecting mouse movement data, and Akiyama does not disclose or 
suggest passive data collection as claimed. For this reason, Akiyama fails to cure the deficiencies of 
Brown and Odom and all pending claims are patentable over any combination of these references. In 
addition, dependent claims 3-5, 7-8, 14, and 20-22 recite additional features and combinations of 
features that are novel and non-obvious over the cited references, but to expedite prosecution, these 
rejections are not belabored further herein. 

Summary 

The pending claims are directed to methods and apparatus that permit user authentication 
without requiring a user to duplicate passwords, passphrases, mouse sequences, or other predetermined 
submissions. In contrast, Brown and Odom merely apply biometrics to conventional password based 
systems. The novel and non-obvious claimed methods and apparatus permit arbitrary user input 
gestures to be used for authentication, and predetermined passwords, graphical sequences, and prompts 
to enter specific authentication information are not needed. The Odom reference explicitly 
acknowledges this key difference: "Computer login may comprise any user determined submission." 
See Odom, Abstract. In contrast, in the claimed apparatus and methods, there are no user determined 
submissions - the user merely begins to use the keyboard or the mouse. 
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Conclusion 



For at least the above reasons, all pending claims are in condition for allowance and action to 
such end is respectfully requested. If any issues arise, or if a telephone conference is deemed helpful, 
the Examiner is requested to telephone the undersigned. 

Respectfully submitted, 
KLARQUIST SPARKMAN, LLP 
One World Trade Center, Suite 1600 * 



121 S.W. Salmon Street 
Portland, Oregon 97204 
Telephone: (503) 595-5300 
Facsimile: (503) 595-5301 



By 




Michael D. Jones 
Registration No. 41,879 
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